LDAP Login Actions

Configuring a form to use LDAP Login actions for authentication

LDAP Authentication integration provides the ability to authenticate users directly against an LDAP service such as OpenLDAP or Active Directory. The LDAP Login action connects the Username and Password credentials from the form to the LDAP directory.

Settings

Username Field: The Username field from the form mapped to the username field from the LDAP directory

Password Field: The Password field from the form mapped to the password field from the LDAP directory

Passthrough: If checked, any failure other than a failure to bind the user account is ignored, and the login information is passed to the next form action. This allows using both LDAP and the Form.io Login action on the same form.

LDAP Property: Group name within the LDAP directory

Value: Given Role from the LDAP Directory

Role: Form.io role the Property group and Value will map to.

Walkthrough

LDAP Integration must first be configured within your Project settings before the workflow can function.

Click Here for more information on integration setup.

Build an LDAP Login Form

Create a new form that will be used to Login to LDAP:

  1. Click on New Form, and then add a User Name text field and a Password field named Password.

  2. Click the Create Form button to create the new form.

Next, ensure that Anonymous users are able to submit this form.

  1. Click on the Access settings and add the Anonymous role to the Create Own Submissions permission.

Add the LDAP Login Action

  1. Navigate to the Actions section of the form.

  2. Remove the Save Submission Action by clicking the red trash can icon.

  3. Select LDAP Login (Premium), then click the Add an action button.

Configure the LDAP Login Action

  1. Within the LDAP Login Action, configure the following parameters:

    1. Username field - Map to the Form's User Name component.

    2. Password Field - Map to the Form's Password component.

    3. LDAP Property - Leave blank

    4. Value - Leave blank

    5. Role - Select Authenticated

    This will assign the Authenticated role to all LDAP users who authenticate through the form.

When using Passthrough authentication, any failure other than a failure to bind the user account is ignored, and the login information is passed to the next form action. This allows using both LDAP and the Form.io Login action on the same form.

Assign Roles

To assign additional roles to the users upon authentication, map any LDAP properties to user roles:

  1. Fill in the property with the corresponding property that maps to the desired role.

  2. Fill in the corresponding value.

  3. Select the Role that will be assigned to any users who match the criteria. For example:

    • LDAP Property: group

    • Value: Admins

    • Role: Admin

    Would assign the Admin Form.io role to any members of the LDAP Admins group.

Leaving LDAP Property and Value blank will assign the role to all LDAP accounts that authenticate.

The user’s DN is also mapped to the list of properties. For example, if the DN is dn=myname,ou=admins,dc=example,dc=org you can do:

  • LDAP Property: ou

  • Value: admins

  • Role: Admin

  1. Save the changes before proceeding.
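
The mapping rules above, modelled as an added example (not Form.io's code and not part of the original page): it shows which roles a bound user receives once DN components are merged with the entry's LDAP attributes, and lists blank rules that grant more than a baseline role. Exact, case-sensitive matching and all function names here are assumptions.

```javascript
// Added example: models the mapping rules on this page; not Form.io's code.
// Assumption: Property/Value matching is exact and case-sensitive.
// DN components become properties, e.g. ou=admins -> { ou: ['admins'] }.
// A backslash-escaped comma stays inside its value (hex escapes are not decoded).
function dnToProperties(dn) {
  const props = Object.create(null);
  let rdn = '';
  const flush = () => {
    const eq = rdn.indexOf('=');
    if (eq > 0) {
      const key = rdn.slice(0, eq).trim();
      (props[key] = props[key] || []).push(rdn.slice(eq + 1).trim());
    }
    rdn = '';
  };
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === '\\' && i + 1 < dn.length) rdn += dn[++i]; // keep escaped char
    else if (dn[i] === ',') flush();
    else rdn += dn[i];
  }
  flush();
  return props;
}

// Roles one bound user receives; `attrs` holds the entry's LDAP attributes.
function rolesFor(user, mappings) {
  const props = dnToProperties(user.dn);
  for (const [k, v] of Object.entries(user.attrs || {})) {
    props[k] = (props[k] || []).concat(v);
  }
  const roles = new Set();
  for (const m of mappings) {
    const blank = !m.property && !m.value; // blank rule applies to every user
    if (blank || (props[m.property] || []).includes(m.value)) roles.add(m.role);
  }
  return [...roles];
}
// Review aid: blank rules that grant more than the baseline role.
function blanketGrants(mappings, baseline = 'Authenticated') {
  return mappings.filter((m) => !m.property && !m.value && m.role !== baseline);
}
// Constructed sample data; the rules mirror the examples on this page.
const mappings = [
  { property: '', value: '', role: 'Authenticated' },
  { property: 'group', value: 'Admins', role: 'Admin' },
  { property: 'ou', value: 'admins', role: 'Admin' },
];
const user = { dn: 'dn=myname,ou=admins,dc=example,dc=org', attrs: { group: ['Users'] } };
console.log(rolesFor(user, mappings)); // [ 'Authenticated', 'Admin' ]
```

Because an `ou` rule matches on where the entry sits in the directory tree, anyone who can create or move entries under that OU effectively controls the mapped role.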

Testing LDAP Login

To test the LDAP login, perform the following API request within Postman:

Here you will see that the Authenticated role has been assigned to the user object.
